We performed a comparison between Cisco Secure Firewall and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. The only major difference between the two is that some users of Cisco Secure Firewall consider the deployment to be somewhat complex.
"The GUI is good."
"It blocks the vulnerabilities that can negatively impact us."
"One of the valuable features is a standardized OS."
"The solution is very easy to understand. It's not overly complex."
"Security, SD-WAN, and Streetscape are valuable features."
"Some of the key features of the solution is that it has good reporting, you can receive many details from the connection, for example, clients and website information."
"The response is very quick and they can visually resolve our problems in a short period."
"The most valuable features are the possibility of having one fabric for switching on security."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors."
"Sourcefire has been a great addition. The visibility and control have been nice."
"The return on investment is not going to be restricted to just the box... Now, these genres have been expanded to cyber, to third-party integrations, having integrated logging, having integrated micro and macro segmentations. The scope has been widened, so the ROI, eventually, has multiplied."
"We have not had to deal with stability issues."
"Its efficiency and security are the most important. We are more efficient and more secure."
"I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful."
"The most stable firewall I’ve ever worked with. Once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration."
"I like the web filter, application filter, and VBA."
"A valuable feature involves the solution's manageability."
"It's a complete firewall solution that has everything."
"This solution is very user-friendly and even a non-professional can configure the policies."
"The solution is stable. I've had very few problems with it."
"It's a good security tool and it aligns with the rest of our security stack."
"We get good usage out of the features. It has enabled us to gain popularity. It has great features."
"It gives me a very good, stable connection in all tunnels."
"The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work."
"It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can."
"The reports are very basic."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"The search tool needs improvement. It's very difficult to search for policies right now."
"It would be nice if backups could more easily migrate between different models."
"The initial setup and configuration are not intuitive and require training."
"The feature which gives us a lot of pain is ASIC architecture."
"The throughput highlighted on the datasheet (10Gbps) should be reviewed. This throughput is only for a UDP running environment, which you will never find in the real world. Rather consider a multiprotocol throughput."
"One big pain point I have is the ASDM interface because it's Java, and sometimes, it's a bit buggy and has low performance. That's something that probably won't be improved because of backward compatibility."
"Sometimes my customers say that Cisco Firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved."
"I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me."
"If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve."
"Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help."
"The initial setup was complex."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"While it is possible to configure between two of the solution's devices in the same model, the high available usually fails."
"Sophos XG's web server protection and log viewer could improve. They should also introduce sandboxing."
"I would like to see the performance improved."
"One area where Sophos XG could improve is in its patch management system."
"Fortinet surpasses Sophos in terms of support, particularly with its comprehensive five-one feature console."
"Sophos XG could improve by coming out with more innovative feature developments."
"The uploading and downloading of reports should be included."
"It would be great if the user can have a portal to check on activities related to their account."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Cisco Secure Firewall is rated 8.2, while Sophos XG is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and SonicWall NSa. See our Cisco Secure Firewall vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
My preference is the Sophos XGS, particularly when you team it up with the Sophos Endpoint Protection client and configure it for synchronized security.
Both can be managed through Sophos Central and are available at a decent price for the power they offer the SMB.
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.
Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.